2019-05-02 17:17:27 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-01-11 21:15:10 -06:00
|
|
|
# since all the rescue from clauses are not caught by the application controller for matches
|
|
|
|
# we need to handle certain exceptions here
|
|
|
|
module Middleware
|
|
|
|
class DiscoursePublicExceptions < ::ActionDispatch::PublicExceptions
|
2023-01-09 06:10:19 -06:00
|
|
|
INVALID_REQUEST_ERRORS =
|
|
|
|
Set.new(
|
|
|
|
[
|
|
|
|
Rack::QueryParser::InvalidParameterError,
|
|
|
|
ActionController::BadRequest,
|
|
|
|
ActionDispatch::Http::Parameters::ParseError,
|
|
|
|
],
|
|
|
|
)
|
2018-01-11 21:15:10 -06:00
|
|
|
|
|
|
|
def initialize(path)
|
|
|
|
super
|
|
|
|
end
|
|
|
|
|
|
|
|
def call(env)
|
|
|
|
# this is so so gnarly
|
|
|
|
# sometimes we leak out exceptions prior to creating a controller instance
|
|
|
|
# this can happen if we have an exception in a route constraint in some cases
|
|
|
|
# this code re-dispatches the exception to our application controller so we can
|
|
|
|
# properly translate the exception to a page
|
|
|
|
exception = env["action_dispatch.exception"]
|
|
|
|
response = ActionDispatch::Response.new
|
|
|
|
|
2022-02-07 07:16:57 -06:00
|
|
|
exception = nil if INVALID_REQUEST_ERRORS.include?(exception)
|
2018-12-13 01:27:02 -06:00
|
|
|
|
2018-01-11 21:15:10 -06:00
|
|
|
if exception
|
2018-01-22 16:00:08 -06:00
|
|
|
begin
|
|
|
|
fake_controller = ApplicationController.new
|
|
|
|
fake_controller.response = response
|
2019-11-20 22:51:18 -06:00
|
|
|
fake_controller.request = request = ActionDispatch::Request.new(env)
|
|
|
|
|
2020-01-01 19:34:38 -06:00
|
|
|
# We can not re-dispatch bad mime types
|
2019-11-20 22:51:18 -06:00
|
|
|
begin
|
|
|
|
request.format
|
|
|
|
rescue Mime::Type::InvalidMimeType
|
2023-01-09 06:10:19 -06:00
|
|
|
return [
|
|
|
|
400,
|
|
|
|
{ "Cache-Control" => "private, max-age=0, must-revalidate" },
|
|
|
|
["Invalid MIME type"]
|
|
|
|
]
|
2019-11-20 22:51:18 -06:00
|
|
|
end
|
2018-01-11 21:15:10 -06:00
|
|
|
|
2022-02-07 07:16:57 -06:00
|
|
|
# Or badly formatted multipart requests
|
|
|
|
begin
|
|
|
|
request.POST
|
|
|
|
rescue EOFError
|
2023-01-09 06:10:19 -06:00
|
|
|
return [
|
|
|
|
400,
|
|
|
|
{ "Cache-Control" => "private, max-age=0, must-revalidate" },
|
|
|
|
["Invalid request"]
|
|
|
|
]
|
2022-02-07 07:16:57 -06:00
|
|
|
end
|
|
|
|
|
2018-01-22 16:00:08 -06:00
|
|
|
if ApplicationController.rescue_with_handler(exception, object: fake_controller)
|
|
|
|
body = response.body
|
2023-01-09 06:10:19 -06:00
|
|
|
body = [body] if String === body
|
|
|
|
return response.status, response.headers, body
|
2018-01-22 16:00:08 -06:00
|
|
|
end
|
|
|
|
rescue => e
|
2022-02-07 07:16:57 -06:00
|
|
|
return super if INVALID_REQUEST_ERRORS.include?(e.class)
|
2023-01-09 06:10:19 -06:00
|
|
|
Discourse.warn_exception(
|
|
|
|
e,
|
|
|
|
message: "Failed to handle exception in exception app middleware",
|
|
|
|
)
|
2018-01-11 21:15:10 -06:00
|
|
|
end
|
|
|
|
end
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|